Vulnerabilities > Fedoraproject > Fedora > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-10 CVE-2021-33646 Memory Leak vulnerability in multiple products
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
network
low complexity
feep huawei fedoraproject CWE-401
7.5
7.5
2022-08-10 CVE-2022-28131 Uncontrolled Recursion vulnerability in multiple products
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
network
low complexity
golang fedoraproject netapp CWE-674
7.5
7.5
2022-08-10 CVE-2021-37150 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources.
network
low complexity
apache debian fedoraproject CWE-20
7.5
7.5
2022-08-10 CVE-2022-25763 HTTP Request Smuggling vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks.
network
low complexity
apache debian fedoraproject CWE-444
7.5
7.5
2022-08-10 CVE-2022-28129 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers.
network
low complexity
apache debian fedoraproject CWE-20
7.5
7.5
2022-08-10 CVE-2022-31779 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian fedoraproject CWE-20
7.5
7.5
2022-08-10 CVE-2022-31780 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian fedoraproject CWE-20
7.5
7.5
2022-08-06 CVE-2022-37451 Release of Invalid Pointer or Reference vulnerability in multiple products
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
network
low complexity
exim fedoraproject CWE-763
7.5
7.5
2022-08-05 CVE-2022-1158 Use After Free vulnerability in multiple products
A flaw was found in KVM.
local
low complexity
linux fedoraproject redhat CWE-416
7.8
7.8
2022-08-05 CVE-2022-1973 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal.
local
low complexity
linux fedoraproject netapp CWE-416
7.1
7.1